Releases: GSA/smartpay-training
Releases · GSA/smartpay-training
SmartPay Training Sprint 55 Release v8.1
This sprint release contains the following:
- Code Scanning Alert: Workflow Does Not Contain Permissions
#815 - Code Scanning Alert: Workflow Does Not Contain Permissions
#818 - Code Scanning Alert: Workflow Does Not Contain Permissions
#817 - Code Scanning Alert: Workflow Does not Contain Permissions
#820 - Code Scanning Alert: Workflow Does Not Contain Permissions
#816 - Code Scanning Alert: Workflow Does not Contain Permissions
#819
SmartPay Training Sprint 54 Release v8.0
This sprint contains the following:
- Integration to Application Security as a Service (AppSECaaS)
#654 - Dependabot Alert: esbuild enables any website to send any requests to the development server and read the response
#762 - Upgrade to Astro 5.0
#795 - Dependabot Alert: PrismJS DOM Clobbering vulnerability
#783 - Dependabot Alert: Babel has inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
#789 - Dependabot Alert: Vite bypasses server.fs.deny when using ?raw??
#801 - Dependabot Alert: Vite has an server.fs.deny bypass with an invalid request-target
#808 - Dependabot Alert: Vite has a server.fs.deny bypassed for inline and raw with ?import query
#800 - Dependabot Alert: Vite allows server.fs.deny to be bypassed with .svg or relative paths #83
#799
SmartPay Training Sprint 53 Release v7.2
This sprint release contains the following:
- Add Admin Role to User - Varuna Singh
#809 - Dependabot Alert: tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
#803 - Dependabot Alert: Axios Requests Vulnerable to Possible SSRF and Credential Leakage via Absolute URL
#802 - UI: Add link to Program Website, Contacts, and FAQ on Training Application
#696 - Dependabot Alert: Gunicorn HTTP Request/Response Smuggling vulnerability
#788
SmartPay Training Sprint 52 Release v7.1
SmartPay Training Sprint 51 Release v7.0
This sprint release contains the following:
- GSPC Report Enhancements
#644 - Bug: Alphabetize Credit Cards on P/C Travel Training Lesson 1
#776 - GSPC - Ability to Send Additional Notifications to Invited Users
#655 - GSPC- Add Unique GUID to each email sent
#678 - GSPC Email Functionality
#640 - Static Code Vulnerability: Vulnerability Contained in USWDS Library
#697 - Bug: GSPC Verify your GSA SmartPay Program Certification (GSPC) Coursework and Experience Email Errors
#754 - Bug: Alphabetize Credit Cards when listed on various screens
#771
SmartPay Training Sprint 50 Release v6.10
This sprint release contains the following:
- Update the signature on all certificates
#755
SmartPay Training Sprint 49 Release v6.9
This sprint release contains the following:
- User Certification - Export of Users with the Reporting Role & Admin Role
#757 - Dependabot Alert: Websites were able to send any requests to the development server and read the response in vite
#753 - Dependabot Alert: Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening
#750
SmartPay Training Sprint 48 Release v6.8
This sprint release contains the following:
SmartPay Training Sprint 47 Release v6.7
This sprint release contains the following:
- Dependabot Alert: Atro CSRF Middleware Bypass (security.checkOrigin)
#720 - Dependabot Alert: Astro's server source code is exposed to the public if source maps are enabled
#725 - Update to the latest version of USWDS 3.11.0
#722 - BUG: Training Report - Selecting an Agency w/o Bureau No Results Returned
#728 - Update SMTP to reflect GSA IT naming convention standard
#736